Hey guys, I have created a PHP script that authenticates users via our LDAP server, but now, instead of using PHP, I have to do this through GlassFish.
Here is the working PHP code:
<?php
$authenticated = false;
# If that wasn't the case, then validate the username and password and set the session up.
if(!$authenticated && !empty($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_PW'])){
    $ldap = ldap_connect("ldap://uni.ds.port.ac.uk") or die("Connection to AD failed.");
    # Escape the user-supplied name before placing it in a DN and in a search filter,
    # so that characters such as ',', '*', '(' and ')' are treated literally.
    $user_dn_value = ldap_escape($_SERVER['PHP_AUTH_USER'], '', LDAP_ESCAPE_DN);
    $user_filter_value = ldap_escape($_SERVER['PHP_AUTH_USER'], '', LDAP_ESCAPE_FILTER);
    # This could be [email protected] instead but then anyone in AD could authenticate.
    $username = "CN=".$user_dn_value.",OU=Students,OU=Users,OU=UNI,DC=uni,DC=ds,DC=port,DC=ac,DC=uk";
    # Check you can bind with these credentials.
    if($bind = ldap_bind($ldap, $username, $_SERVER['PHP_AUTH_PW'])) {
        $result = ldap_search($ldap, "OU=Non Admin,OU=Staff,OU=Users,OU=UNI,DC=uni,DC=ds,DC=port,DC=ac,DC=uk", "(CN=".$user_filter_value.")");
        # ldap_search() returns a result resource even when nothing matched,
        # so the entry count is what decides whether the user is in this OU.
        if($result && ldap_count_entries($ldap, $result) > 0){
            $authenticated = true;
        }
    }
}
# If they aren't already authenticated by now, ask the browser to authenticate them.
if(!$authenticated){
    header('WWW-Authenticate: Basic realm="Active Directory Login"');
    header('HTTP/1.0 401 Unauthorized');
    # This will be output if they press 'cancel' on the prompt.
    $reason = isset($ldap) ? ldap_error($ldap) : 'no credentials supplied';
    echo 'You have failed to authenticate. Please login with a valid Active Directory username and password. ('.$reason.')';
    exit;
}
?>
Now I have to set up the GlassFish server. I am using NetBeans to create a web app that needs LDAP authentication (it is GlassFish 3.1.2, btw). Below is the code and setup I have used, but I cannot get it to authenticate. What am I doing wrong?
login.xhtml
<h:body>
    <form method="post" action="j_security_check">
        <p>You need to log in to access protected information.</p>
        <table>
            <tr>
                <td>User name:</td>
                <td><input type="text" name="j_username" /></td>
            </tr>
            <tr>
                <td>Password:</td>
                <td><input type="password" name="j_password" /></td>
            </tr>
        </table>
        <p><input type="submit" value="Login" /></p>
    </form>
</h:body>
loginError.xhtml
<h:body>
<p>Sorry--authentication failed. Please try again.</p>
</h:body>
secure/securePage.xhtml
<h:body>
This is a secure page
</h:body>
To create the actual realm in GlassFish, open the admin console (http://localhost:4848 in my dev environment). Select Configurations -> server-config -> Security -> Realms, click on New and start putting in the information. Type in a "Realm Name", whatever you want it to be called; in our case it is MYREALM. The JAAS Context must be ldapRealm, the Directory is the LDAP host, ldap://hostname:389, and the Base DN is simply the DN that holds the users.
In my case it was ou=Company Users,dc=Company,dc=corp.
I left the "Assign Groups" empty.
The Additional Properties section has these applicable properties (http://download.oracle.com/docs/cd/E19830-01/819-4712/ablpe/index.html):
search-filter="(sAMAccountName=%s)"
group-base-dn="cn=Application Users,ou=Company Groups,dc=Company,dc=corp"
search-bind-password="password"
group-search-filter="(member=%d)"
search-bind-dn="ldapuser"
Note that I have quotes on these properties. I noticed that I had to put the properties in quotes in the console form in order for it to work. I had to delete and recreate the realm whenever I wanted to make a change, because whenever I clicked on "Save" the form would append extra quotes to the "Properties specific to this Class" section.
Once the realm is created you can add the following to your web.xml file in order to use it:
<security-constraint>
    <display-name>Application Users</display-name>
    <web-resource-collection>
        <web-resource-name>SecurePages</web-resource-name>
        <description/>
        <url-pattern>/faces/secure/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <description>Application Users desc</description>
        <role-name>Application Users</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>MYREALM</realm-name>
    <form-login-config>
        <form-login-page>/login.xhtml</form-login-page>
        <form-error-page>/loginError.xhtml</form-error-page>
    </form-login-config>
</login-config>
<security-role>
    <description/>
    <role-name>Application Users</role-name>
</security-role>
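Both the PHP script ("CN=".$user in a bind DN and in a filter) and the GlassFish realm properties (search-filter "(sAMAccountName=%s)", group-search-filter "(member=%d)") drop a login name straight into LDAP syntax. As an added illustration that is not part of the original post or of GlassFish, the following Python shows RFC 4515 filter escaping and RFC 4514 DN escaping applied to exactly those templates; the OU suffix is copied from the post, the login names are constructed, and "%d is the user's DN" is taken from the GlassFish documentation of that property.

```python
import re

# Added example, not code from the post: escape a login name before it is placed in
# a search filter (RFC 4515) or a DN (RFC 4514), then fill the realm-style templates.

# Filter metacharacters and their hex escapes (RFC 4515).
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
# Characters that must be backslash-escaped inside a DN attribute value (RFC 4514).
_DN_SPECIALS = set(',+"\\<>;')

def escape_filter_value(value: str) -> str:
    """Escape a value so a filter matches it literally, not as a sub-filter or wildcard."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)

def escape_dn_value(value: str) -> str:
    """Escape an attribute value so it can be embedded in a DN without adding RDNs."""
    out = "".join("\\" + ch if ch in _DN_SPECIALS else ch for ch in value)
    if out[:1] in (" ", "#"):      # a leading space or '#' must be escaped
        out = "\\" + out
    if value.endswith(" "):        # and so must a trailing space
        out = out[:-1] + "\\ "
    return out

# OU suffix from the post's PHP bind DN.
STUDENT_OU = "OU=Students,OU=Users,OU=UNI,DC=uni,DC=ds,DC=port,DC=ac,DC=uk"

def student_bind_dn(login: str) -> str:
    """The bind DN the PHP code builds, with the CN value escaped."""
    return "CN=" + escape_dn_value(login) + "," + STUDENT_OU

def render_realm_filter(template: str, login: str, user_dn: str = "") -> str:
    """Fill GlassFish-style %s (login name) and %d (user DN) placeholders in one pass,
    escaping each value so user input cannot change the filter's structure."""
    values = {"%s": escape_filter_value(login), "%d": escape_filter_value(user_dn)}
    return re.sub(r"%[sd]", lambda m: values[m.group(0)], template)

if __name__ == "__main__":
    # Constructed sample logins: a normal one, a filter-breaking one, a DN-breaking one.
    for name in ("jsmith", "*)(objectClass=*", "Smith, John"):
        print(student_bind_dn(name))
        print(render_realm_filter("(sAMAccountName=%s)", name))
    print(render_realm_filter("(member=%d)", "", student_bind_dn("Smith, John")))
```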